Debian Package Tracker

general

source: mxml (main)
version: 2.12-2
maintainer: Alastair McKinstry [DMD]
arch: any
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.6-2
oldstable: 2.6-2
stable: 2.10-1
testing: 2.12-2
unstable: 2.12-2

versioned links

2.6-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.10-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.12-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libmxml-bin
libmxml-dev
libmxml1

action needed

Failed to analyze the VCS repository. Please troubleshoot and fix the issue. high

vcswatch reports that there is an error with this package's VCS, or the debian/changelog file inside it. Please check the error shown below and try to fix it. You might have to update the VCS URL in the debian/control file to point to the correct repository.

fatal: could not read Username for 'https://salsa.debian.org:': No such device or address

Created: 2018-07-09 Last update: 2019-01-21 19:38

3 security issues in buster high

There are 3 open security issues in buster.

3 important issues:

CVE-2018-20592: In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.
CVE-2018-20593: In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.
CVE-2018-20005: An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc.

Please fix them.

Created: 2018-12-10 Last update: 2019-01-16 21:08

3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:

CVE-2018-20592: In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.
CVE-2018-20593: In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.
CVE-2018-20005: An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc.

Please fix them.

Created: 2018-12-10 Last update: 2019-01-16 21:08

6 security issues in jessie high

There are 6 open security issues in jessie.

3 important issues:

CVE-2016-4570: The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
CVE-2018-20004: An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml.
CVE-2016-4571: The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.

3 issues skipped by the security teams:

CVE-2018-20592: In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.
CVE-2018-20593: In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.
CVE-2018-20005: An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc.

Please fix them.

Created: 2016-05-06 Last update: 2019-01-16 21:08

4 security issues in stretch high

There are 4 open security issues in stretch.

2 important issues:

CVE-2018-20592: In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.
CVE-2018-20593: In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.

2 issues skipped by the security teams:

CVE-2018-20004: An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml.
CVE-2018-20005: An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc.

Please fix them.

Created: 2018-12-10 Last update: 2019-01-16 21:08

Build log checks report 1 error and 3 warnings high

Build log checks report 1 error and 3 warnings

Created: 2014-07-02 Last update: 2018-03-03 01:34

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-01-12 Last update: 2019-01-12 05:45

The URL(s) for this package had some recent persistent issues low

DUCK reports some issues concerning upstream URLs defined for this package.

Created: 2019-01-12 Last update: 2019-01-22 07:19

news

[rss feed]

[2019-01-07] mxml 2.12-2 MIGRATED to testing (Debian testing watch)
[2019-01-02] Accepted mxml 2.12-2 (source amd64) into unstable (Alastair McKinstry)
[2018-10-11] mxml 2.12-1 MIGRATED to testing (Debian testing watch)
[2018-10-11] mxml 2.12-1 MIGRATED to testing (Debian testing watch)
[2018-10-06] Accepted mxml 2.12-1 (source amd64) into unstable (Alastair McKinstry)
[2018-07-14] mxml 2.11-2 MIGRATED to testing (Debian testing watch)
[2018-07-09] Accepted mxml 2.11-2 (source amd64) into unstable (Alastair McKinstry)
[2018-03-08] mxml 2.11-1 MIGRATED to testing (Debian testing watch)
[2018-03-02] Accepted mxml 2.11-1 (source amd64) into unstable (Alastair McKinstry)
[2016-09-21] mxml 2.10-1 MIGRATED to testing (Debian testing watch)
[2016-09-15] Accepted mxml 2.10-1 (source amd64) into unstable (Alastair McKinstry)
[2016-09-06] mxml 2.9-3 MIGRATED to testing (Debian testing watch)
[2016-08-31] Accepted mxml 2.9-3 (source amd64) into unstable, unstable (Alastair McKinstry)
[2016-06-16] mxml 2.9-2 MIGRATED to testing (Debian testing watch)
[2016-06-11] Accepted mxml 2.9-2 (source amd64) into unstable (Alastair McKinstry)
[2016-06-10] Accepted mxml 2.9-1 (source amd64) into unstable (Alastair McKinstry)
[2013-01-03] Accepted mxml 2.7-1 (source amd64) (Luis Uribe) (signed by: Yaroslav Halchenko)
[2011-02-06] mxml 2.6-2 MIGRATED to testing (Debian testing watch)
[2010-10-22] Accepted mxml 2.6-2 (source mipsel) (Luis Uribe) (signed by: Anibal Monsalve Salazar)
[2009-11-27] mxml 2.6-1 MIGRATED to testing (Debian testing watch)
[2009-11-17] Accepted mxml 2.6-1 (source amd64) (Luis Uribe)
[2008-07-09] mxml 2.5-2 MIGRATED to testing (Debian testing watch)
[2008-06-29] Accepted mxml 2.5-2 (source amd64) (Luis Uribe)
[2008-05-21] mxml 2.5-1 MIGRATED to testing (Debian testing watch)
[2008-05-10] Accepted mxml 2.5-1 (source amd64) (Luis Uribe)
[2008-02-06] mxml 2.4-1 MIGRATED to testing (Debian testing watch)
[2008-01-20] Accepted mxml 2.4-1 (source amd64) (Luis Uribe)
[2007-08-31] mxml 2.3-1 MIGRATED to testing (Debian testing watch)
[2007-08-19] Accepted mxml 2.3-1 (source amd64) (Fathi Boudra) (signed by: Pierre Habouzit)
[2006-10-16] Accepted mxml 2.2-2 (source amd64) (Michael Ablassmeier)

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 2)
buildd: logs, checks, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.12-2
2 bugs